Comment by LAC-Tech
9 hours ago
It's worth pointing out that "unsafe" in rust is not a very sound concept - it's not like a monad or "function colour" whereby the compiler can say "this code ultimately calls unsafe". It's more like a comment on steroids; you call unsafe in a function, write a comment about it, and no caller of that function would have any idea that it's calling unsafe code.
Yes, the point of unsafe is that you promise it's safe, you promise to preserve the necessary invariants to make it safe to call no matter from where. It was never supposed to "taint" all code that calls it, that would defeat its purpose. It's sound enough, it's just not at all trying to do that.
Yes, I understand what they were trying to do and this is the ugly hack they came up with.
I just don't like it. I am not ignorant of their intentions, it just does not work well.
Unsafe code is normal. Trying to hide it is unsound. And I stand by that.
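The two mechanisms the thread is arguing about, side by side, as an added example that is not from any commenter: an `unsafe fn` pushes the obligation onto every caller (they must write `unsafe` themselves), while a safe function that merely contains an `unsafe` block discharges the obligation internally, so its callers see nothing in the signature. Function names and the sample data are my own.

```rust
// Added example: how `unsafe` does and does not propagate to callers.

/// Contract visible to callers: `unsafe fn` means every call site must
/// itself be inside `unsafe { ... }` and take on the stated obligation.
///
/// # Safety
/// `idx` must be less than `data.len()`.
pub unsafe fn get_unchecked_u32(data: &[u32], idx: usize) -> u32 {
    // SAFETY: the caller guarantees idx is in bounds (see the contract above).
    unsafe { *data.get_unchecked(idx) }
}

/// Safe wrapper: the `unsafe` block is encapsulated. The signature is that of
/// an ordinary function; the bounds check is what makes the call sound, and
/// the SAFETY comment is the only record of why.
pub fn get_checked_u32(data: &[u32], idx: usize) -> Option<u32> {
    if idx < data.len() {
        // SAFETY: idx < data.len() was just checked, so the read is in bounds.
        Some(unsafe { get_unchecked_u32(data, idx) })
    } else {
        None
    }
}

/// A caller. Nothing here, or in `get_checked_u32`'s signature, reveals that
/// unsafe code runs underneath; that invisibility is what the thread disputes.
pub fn sum_first_n(data: &[u32], n: usize) -> u32 {
    (0..n).filter_map(|i| get_checked_u32(data, i)).sum()
}

fn main() {
    let data = [10u32, 20, 30]; // constructed sample input
    // Indices 3 and 4 are out of range and yield None, so the sum is 60.
    println!("sum_first_n = {}", sum_first_n(&data, 5));
}
```

A crate that wants to refuse both forms can set `#![forbid(unsafe_code)]`, which rejects `unsafe` blocks and `unsafe fn` in that crate at compile time, though not in its dependencies.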